From bb435cbd0313ec0ec6889181223929578603d73d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 28 Oct 2006 04:17:43 +0000 Subject: r19502: fixed the RPC-SECRETS test with kerberos. Andrew, can you look at this as well? The server side change is needed to fix a valgrind error, which was possibly exploitable if the client sent deliberately bad data (This used to be commit e3c04cf165fe15739197b2713e78046399aa7653) --- source4/librpc/rpc/dcerpc.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'source4/librpc/rpc') diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 28e48c4a5a..bda07066ff 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -272,7 +272,6 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX return status; } - /* check signature or unseal the packet */ switch (c->security_state.auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: @@ -433,6 +432,13 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, return status; } dcerpc_set_auth_length(blob, creds2.length); + if (c->security_state.auth_info->credentials.length == 0) { + /* this is needed for krb5 only, to correct the total packet + length */ + dcerpc_set_frag_length(blob, + dcerpc_get_frag_length(blob) + +creds2.length); + } break; case DCERPC_AUTH_LEVEL_INTEGRITY: @@ -454,6 +460,13 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, return status; } dcerpc_set_auth_length(blob, creds2.length); + if (c->security_state.auth_info->credentials.length == 0) { + /* this is needed for krb5 only, to correct the total packet + length */ + dcerpc_set_frag_length(blob, + dcerpc_get_frag_length(blob) + +creds2.length); + } break; case DCERPC_AUTH_LEVEL_CONNECT: -- cgit